Industrial organizations relying on the widely-used Rapid SCADA open-source platform are confronted with a serious security risk as seven vulnerabilities, including critical exploits, have been identified by Claroty researchers. These vulnerabilities, categorized by CISA as allowing unauthorized access, remote code execution, and other potential threats, pose significant dangers to sensitive industrial systems.
Despite the severity of these flaws, the Rapid SCADA developers have yet to release patches, despite being made aware of the vulnerabilities in early July 2023. In a recent advisory, CISA alerted industrial organizations to the potential risks associated with these unpatched vulnerabilities.
The flaws could potentially allow attackers to read sensitive files, remotely execute arbitrary code, gain access through phishing attacks, escalate privileges, obtain administrator passwords, and access internal code information. One of the vulnerabilities has been classified as ‘critical,’ and two as ‘high severity.
The urgency to address these issues is heightened by the fact that attempts to contact Rapid SCADA developers have failed, leaving the security of industrial systems in jeopardy. Noam Moshe, a vulnerability researcher at Claroty, emphasized the widespread implementation of Rapid SCADA in various fields within the operational technology (OT) ecosystem, particularly among small and medium-sized companies due to its free and open-source nature.
Moshe highlighted that some of these vulnerabilities could be exploited by unauthenticated attackers for remote code execution, making organizations directly accessible from the internet vulnerable to potentially devastating attacks.
